Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. In this episode, Matt Kelly and I take a deep dive into the Benczkowski Memo and what it means for not only the monitor selection process but for compliance officers who may be in front of the Justice Department in a FCPA investigation.

Some of the highlights from this podcast are:

  1. Will there be corporate monitors going forward?
  2. Tom argues this memo sets out a road map for any company under FCPA investigation to avoid a monitor.
  3. Matt wonders if this memo will assuage mergers and acquisition liability for inadequate pre-acquisition due diligence.

We unpack of all these points and consider strategies going forward.

For more reading: see Matt’s piece New DOJ Policy on Corporate Monitors and see Tom’s blog posts Astros Heading to Back-to-Back as DOJ Announces New Monitor Policy and Back-to-Back (again): More on the Benczkowski Memo.

 

This week I have returned to one my favorite themes for every Chief Compliance Officer (CCO), compliance professional and compliance program: Sherlock Holmes. I am using themes from the Holmes short stories to illustrate broader application to components of a best practices compliance program. In this episode, I consider the theme of criminality and compliance.

In the story The Adventure of the Priory School, Watson meets a character, Reuben Hayes, who  believes to be the most “self-evident villain” he has ever seen. The tale revolves around the disappearance of a Duke’s son who is kidnapped by the Duke’s illegitimate son, James Wilder, who has in turn hired that most evil person Hayes to kidnap the lad. In pulling off the crime, Hayes had killed the lad’s tutor, one Heidegger, who had gone off in search of the boy. Holmes resolves the matter, while Hayes swings for his crime, the illegitimate son, Wilder is packed off to Australia.

Rarely do employees in companies begin with an intent to commit criminal acts. Yet by the time they have engaged in criminal fraud, there has usually been significant damage to the organization. One might only consider the recent criminal indictment of Elizabeth Holmes, founder and former Chief Executive Officer (CEO) of Theranos, Inc. and the company’s former COO, Sunny Balwani. I greatly doubt they originally planned to defraud investors out of millions of dollars or intentionally wrongly reported on the health of all those who were tested with their products. Yet the indictment alleges, at the end of the day, that they did so defraud a wide variety of stakeholders, customers and others. Now the company is down to just a few remaining employees.

But this type of massive fraud, perpetrated at the highest level, is a rarity in Foreign Corrupt Practices Act (FCPA) cases (although not unheard of). Yet, as the Association of Certified Fraud Examiners (ACFE) noted in its most recent Report to the Nations (Report), corruption represents one of the most significant fraud risks for organizations. This means that companies should understand the specific factors involved in corruption schemes so they can work to effectively prevent, detect and remediate them.

Some of the key findings in the Report around corruption were that 70% of corruption cases were perpetrated by someone in an organization who was in a position of authority; either a manager or senior executive. The top red flags in corruption cases were (1) an employee living beyond their means; (2) employees with unusually close associations with vendors or customer; (3) employees who were in financial difficulties; and (4) employees who had a ‘wheeler-dealer’ attitude when it came to doing business. Interestingly, corruption continues to be a worldwide problem. However, the part of the Report that will bring some of the most important insights to the compliance practitioner is the similarities between the fraud perpetrator and the employee engaged in corruption. They share the same profile. The mechanisms for concealing fraud are concealing or altering documents, creating fraudulent transactions and entries in the accounting system, altering transactions or files and override of internal controls to allow fraudulent transactions.

These observations point to the need for robust internal controls in every best practices compliance program. Such compliance internal controls can help detect and prevent fraud and corruption from occurring in a much more objective manner. For the reality is if the red flags noted as the top indicators of fraud appear in your organization, it is an objective sign that a more thorough investigation should take place.

I have used three primary resources in putting together this series: Maria Konnikova’s Mastermind (Konnikova); the online site shmoop.comand its blog post, The Return of Sherlock Holmes (shmoop); and finally the most seminal print work on the entire Holmes canon, the three-volume The New Annotated Sherlock Holmes (Klinger) edited with notes by Leslie S. Klinger.

This week returns to one my favorite themes for every Chief Compliance Officer (CCO), compliance professional and compliance program: Sherlock Holmes. This podcast series will focus on themes from the Sherlock Holmes short stories to illustrate broader application to components of a best practices compliance program. In this episode, I consider the theme of institutional justice through The Adventure of the Abbey Grange.

In the story The Adventure of the Abbey Grange, Holmes feels something is just not right about the story told by Lady Mary Brackenstall regarding the death of her step-father Sir Eustace Brackenstall. Holmes’ largest concern turns on the contents of three wine glasses, one of which contains beeswing and the other two do not. It turns out that Sir Eustace was killed by a companion of Lady Mary, which Holmes uncovers. However, Holmes has an adaptability for justice when the situation demands it, stating, “Once or twice in my career I feel that I have done more harm by my discovery of the criminal than ever he had done by his crime.” Satisfied the actions of the criminal and his accomplice (Lady Mary) were both warranted and just; Holmes does not report his findings to the local police. Klinger dryly noted, “his sympathies may have overridden his judgement: Many scholars believe that Holmes lets himself be fooled by a villainess clever than he credited.”

This story illustrates a key point for every CCO and compliance practitioner; institutional justice. As a CCO or compliance practitioner how can you work towards achieving it? Institutional justice is a primary factor as to whether an employee will come forward with a concern. Management might try a quick-fix reaction to a messy investigation with more reporting mechanisms, posters or asking a Chief Executive Officer (CEO) to use compliance training to generally get the word out. Employees view it as a trust issue, and you must garner that trust through providing institutional justice.

One of the ways to insure institutional justice is through the Fair Process Doctrine which mandates that every hotline complaint should be treated with both dignity and respect; with an efficient and thorough vetting. From there if discipline is warranted, a company should follow a prescribed process. Follow that process and an employee would almost always uphold a company’s decisions. Fail to follow the process and the employee would be required to engage in remedial action.

Companies must have an absolute prohibition against retaliation. If not, any sense of institutional justice will be destroyed. A final problem of inconsistent outcomes is that companies must demonstrate that consistent and fair outcomes are routine, regardless of people, relationships or scenarios. If employees view outcomes as fair, they will be more compelled to report concerns. Employees know that inconsistency equals personal risk.

Both the Fair Process Doctrine and the more recent concept of institutional justice are central to the modern compliance profession. The compliance profession must remind companies that even if they can engage in an action, they should not always do so. Sometimes the reputational damage, even if an action is legal, is so great that the risk cannot be managed. The compliance discipline within every company is the one corporate function most well suited to bringing institutional justice into the fabric of a company.

I have used three primary resources in putting together this series: Maria Konnikova’s Mastermind (Konnikova); the online site shmoop.comand its blog post, The Return of Sherlock Holmes (shmoop); and finally the most seminal print work on the entire Holmes canon, the three-volume The New Annotated Sherlock Holmes (Klinger) edited with notes by Leslie S. Klinger.

Corporate training programs are a great investment. They’re designed to address specific needs to improve the organization and help minimize compliance issues. But given the number of employees and hours it takes to fulfill these requirements, it’s also a hefty expense. How can companies invest in such programs and keep their stakeholders happy? Join Tom Fox and Shawn Rogers as they talk about corporate governance and how it can streamline corporate training protocols.

  • What inspired Shawn to integrate corporate governance into his training protocols? Required training in corporations goes beyond traditional compliance risk training programs. There is training for safety, cybersecurity, information, and lifecycle management – and the list goes on and on. As the Lead Counsel of Compliance Training and Communications at General Motors, Shawn helped devise a plan to keep the selection of programs relevant and fresh, which was no small feat.
  • Faced with such a task, Shawn had to come up with an innovative solution. So he set up a more formalized corporate governance structure to look at required training. He and his peers assigned key players from executive and management roles to function as project heads. This allowed the different disciplines to participate in the course development process. Shawn reveals some excellent insights about the charter they set in place that lists their scope of responsibility.
  • What should a compliance officer look for in a training vendor? What is the process when it comes to considering a training vendor? Plenty of training vendors provide services and deliver results, but that’s not all that you should consider. Beyond the service and the price tag, there are several key factors you, as a compliance officer, will need to consider. Shawn shares a holistic approach to finding the right training vendor for your company.
  • One thing many companies don’t think about is whether you require key strategic partners to go through the same training material you use. The challenge here is determining who exactly should receive which programs. Shawn talks about the benefits and struggles of an ‘as needed’ or ‘as determined’ training deployment model for their employees and other partners.
  • Shawn shares that compliance training must seek continuous improvement. The advancements that have happened in many other industries have yet to reach the compliance field, but he is optimistic that innovations will soon be available to meet learner and accessibility issues and to make it more tailored to fit the user.
  • Few compliance professionals have implemented effective governance structures within their corporate training protocols. But given Shawn’s results, their approach shows that there’s always room for innovation – especially in compliance.

Ongoing Education

If you’re a compliance professional looking for a convenient and effective way to fulfill your continuing education requirements, go to FCPAComplianceReport.com/Courses and choose from 4 hour-long training packages that will keep you up to date with the latest developments in the compliance field.

Shawn Rogers

LinkedIn

General Motors

This week I return to one my favorite themes for every Chief Compliance Officer (CCO), compliance professional and compliance program: Sherlock Holmes. Over this new podcast series, I will be considering themes from the short stories to illustrate broader application to components of a best practices compliance program. In this Episode I, I consider the theme of communication in the context of the Adventure of the Red Circle.

Shmoop found that in addition to the overall storytelling of Dr. Watson, “nearly every character in the Sherlock Holmes stories is a storyteller.” Storytelling is a crucial part of the entire detective fiction genre, and the Sherlock Holmes stories really explore this aspect. Each tale begins with a new case, which is always narrated by a participant, and ends with some sort of confession/explanation scene. While we are on this journey with Holmes and Watson, both they and we “encounter tons of different people and listen to their stories. In a way, the cases that Holmes and Watson solve are like giant umbrella stories composed of a dozens of smaller stories being told by a revolving door of characters.”

In the story The Adventure of the Red Circle, Holmes solves the immediate mystery in front of him, as told by the landlady of a boarding house. The first mystery is that a lodger has not been seen for over 10 days, always staying in his room and only communicating with oblique messages such as SOAP, MATCH, DAILY GAZZETTE printed on a torn piece of paper. But Holmes divines a greater mystery as it turns out the lodger is not a man but a woman whose life is under threat and her male traveling companion can only communicate with her through references to newspaper columns. Holmes stated to Watson, “Education never ends, Watson. It is a series of lessons with the greatest for the last. This is an instructive case. There is neither money nor credit in it, and yet one would wish to tidy it up. When dusk comes we should find ourselves one stage advanced in our investigation.”

This story illustrates a couple of key points for every CCO and compliance practitioner. The first is listening. This second compliance pointer The Red Circle Illustrates is communication, for just as education never ends for Holmes, it should never end for a compliance practitioner, your communications on compliance should never end either. Third, the audience. To communicate effectively you need to understand your audience. In any corporation, there are multiple audiences who are the key stakeholders in the 360-degree process.

Finally, you need to evaluate what you have done. You can monitor your communication activities by tracking attendance at events, website statistics, open rate of emails, downloads of materials, video hits; in other words, the same techniques that your marketing folks would use to determine their messaging’s effectiveness. The objective is to build trust for the 360-degree process by determining if the goal is achieved. You can utilize surveys or focus groups to assess the impact on your target audience. By focusing on your customer customers of compliance, i.e., your employees, it allows you to identify gaps and improve the communication process for your compliance program.

I have used three primary resources in putting together this series: Maria Konnikova’s Mastermind(Konnikova); the online site shmoop.comand its blog post, The Return of Sherlock Holmes(shmoop); and finally the most seminal print work on the entire Holmes canon, the three-volume The New Annotated Sherlock Holmes(Klinger) edited with notes by Leslie S. Klinger.